Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Project Name
Client
State of Minnesota
Document Author
Document Version
2.0 FINAL
Document Status
FINAL
Date Release
07/11/2014
Date
Additions/Modifications
Prepared/Revised by
1.0
6/03/2014
Draft
2.0
7/11/2014
-2-
Table of Contents
Sections
Page Numbers
45
Executive Summary
68
9 11
12 28
29 30
31 36
Status Reporting
37 42
43 47
Change Control
48 53
Defect Management
54 68
Test Management
69 83
Release Management
84 93
Appendices
Appendix A: Project Management Processes and Tools
Appendix B: Roles and Responsibilities
Appendix C: Interviews Conducted
94 115
-3-
Project Scope
1. Conduct an assessment of governance structure, decision-making processes, program and project management practices
and provide recommendations for consideration to implement governance structure, program and project management
controls and oversight
2. Conduct an assessment of the current state of the MNsure system from functional and technical perspective and provide
recommendations for consideration for the short-, mid-, and long-term
3. Perform the following project activities:
Program and Project Management
Project Planning
Functional and Technical Systems Assessment
Scope of this
Release Management
Defect and Issue Tracking
deliverable
Leadership and Planning of User Acceptance Testing (UAT)
Project Deliverables
Deloitte is contracted to produce five deliverables:
1. Report and reconciliation matrix of current status of Deliverables across existing vendor agreements
2. Project Management Analysis and Considerations Report
3. Phase 1 Functional and Technical Assessment Report with a categorization of key functional and system gaps and
considerations for a near-term system roadmap
4. Application Project Work Plan
5. Phase 2 Functional and Technical Assessment Report with a categorization of key functional and system gaps and
considerations for a mid-term and long-term
The focus of this deliverable is the Project Management Analysis and Considerations Report
-5-
Executive Summary
Executive Summary
Deloitte Consulting LLP (Deloitte) was engaged to conduct an assessment of the governance structure, accountability and
decision making, project management controls and software development lifecycle (SDLC) phases of testing, defect, and
release management. This assessment focused on identifying considerations for the State for the immediate term (calendar
year 2014) and for a sustainable project management structure and lifecycle.
During the Fall of 2013, much of the States efforts were focused on addressing issues that arose at the time of initial open
enrollment (October 1, 2013). During this period, we understand the governance and project management processes for the
project became less effective and resulted in a lack of coordination, integration and decision-making across the project teams
and stakeholders. Recognizing these challenges in early 2014, the State began to refresh efforts to reinstate its governing and
project management processes it had instituted at the outset of the project.
Deloitte identified observations, impacts and considerations in the following areas: (1) Governance; (2) Communication and
information flow; (3) Status reporting; (4) Risk management; (5) Issue management; (6) Change control; (7) Defect
management; (8) Testing management and (9) Release management. For each of the areas, the overall maturity of the
process/area was assessed against Deloittes proprietary project management methodology.
Governance: While positive efforts were noted in the reestablishment of a model of governance and related processes earlier
this year, their effectiveness remain diluted for a variety of structural, procedural, role definition, decision-making and
accountability challenges. The cumulative effect has been to create confusion among most leads and stakeholders, inconsistent
adherence to processes, untimely decision making and issue resolution. In addition to streamlining project execution
responsibility under a new Project Director role (within the Minnesota IT organization and has day to day responsibility for the
MNsure IT system project), the full establishment of a MN.IT MNsure Project Management Office (PMO), empowerment and
staffing of all governance bodies (including Change Control Board) was identified.
Prioritization of key tasks, activities and decisions made, need to be documented, communicated, and not revisited or changed.
MNsure IT system project work needs to be documented in an integrated project work plan to include testing and release
management activities built into the approach. Clarity of roles and establishing measurable accountability are key takeaways of
the observations.
-7-
While our observations are pervasive across the governance model and project management processes addressing these
needs with a positive impact to project momentum can usually be achieved in a short timeframe. The remainder of this
document provides the detail and considerations to affect this effort.
-8-
Approach
Deloittes approach to assessing the current project governance, project management and software development lifecycle
processes and tools was to interview stakeholders, review documents and processes, and identify gaps. Gaps were compared with
Deloittes Project Management Body of Knowledge (PMBOK) based project management methodology to develop considerations
for each of the assessment areas.
Identify
Stakeholders
Review Existing
Analysis
Deloittes Project
Management
Methodology
Process Walkthroughs
Interviews
Document
Reviews
Outputs
Observations, Impacts and Considerations for:
Status reporting
Risk management
Issue management
Change control
Defect management
Testing management
Release management
Proposed processes and tools (to-be implemented
by the MN.IT MNsure PMO) for:
Status reporting
Risk management
Issue management
Change control
Defect management
Testing management
Release management
- 10 -
Scope
The scope of this assessment is to provide observations and considerations focused around governance, prioritization,
communication and information flow, status reporting, risk and issue management, defect ,test and release management
Governance
Defect Management
Governance scope:
Governance structure
Accountability and decision-making
Test Management
Test management scope:
Testing plan
Testing lifecycle spanning unit test, integration, system test,
user acceptance test, production smoke test, and regression
test
Performance test, security test, and American Disabilities Act
(ADA) testing types
Status Reporting
Status reporting scope:
Reporting of status content
Status preparation and distribution
Change Control
Change control scope:
Change control board
Change control request process
Change control log and request form
- 11 -
Deloitte was engaged by the State of Minnesota (the State) to assess the project governance, organizational structure,
and project management approach and to recommend critical changes needed to improve overall management of the
project. The project is defined as the MNsure Phase II Project - which in short is the project to effect remediation and
enhancements to the system to fully enable the enrollment process for 2015 (which starts on November 15, 2014).
Three primary state entities have a stake in the project the Minnesota Insurance Marketplace (MNsure), the
Department of Human Services (DHS) and the Minnesota Information Technology agency (MN.IT). Our review included
understanding the business interests, relationships and impacts of these organizations on the project.
Today a Board of Directors governs the relatively newly formed MNsure organization (MNsure). At a summary level, the
Board by its charter predominantly determines strategy and delegates day to day operational management to its
appointed Executive Director, while also maintaining particular focus on the financial underpinnings of the organization.
The business of the organization (including policy setting) is exclusively that of the Board, who nonetheless can delegate
responsibility to its executive director or a committee(s).
The Department of Human Services (DHS), a more mature organization, is headed by a Commissioner with an
underlying executive team. The Commissioner has a permanent appointment on the MNsure Board of Directors.
The Minnesota Information Technology agency (MN.IT) is led by a Commissioner and the organization has broad
ownership of the States technology assets and resources, and operates as a shared services organization for their
respective business customers, including DHS and MNsure.
Although the MNsure and DHS organizations have unique business goals and interests, they share common interests as
they relate to providing health coverage to Minnesotans, and the underlying processes and system (MNsure system)
that enables that processing. MN.ITs stake in the relationship relates to the enablement and ongoing management of the
technology system as a shared services entity.
- 13 -
We understand from interviews, that events following the initial open enrollment period (October 2013) led to a significant
breakdown in project governance and management processes. This was due to the State being primarily focused on
addressing and remediating the issues that arose at the time of open enrollment.
Following the departure of the Executive Director of MNsure, the Board of Directors essentially stepped into the operational
leadership role left void by her departure. Since that time the Board has continued to play a significant role in the operations
of the Exchange, was successful in appointing a new Executive Director, and working collectively with DHS and MN.IT has
started to reestablish critical governance and project processes.
Unclear roles and responsibility, authority, lines of communication, reporting relationships, team and governing bodies
composition have added significant inefficiency and have fostered no or poorly informed decision-making across the project.
Priorities or decisions are not timely or at the appropriate governing level and often are revisited and or changed.
Of particular concern, was the inconsistent and unclear engagement of MN.IT, the states information technology agency,
with broad responsibility for all state IT activities and assets, and their role in managing and delivering the system
(particularly within the context of the systems plan for the state enterprise).
Management of the MNsure IT system development vendors has been inconsistent and appears to have impeded outputs
and progress.
The dominant engagement model has tended towards a siloed approach among key stakeholder agency staff - further
exasperated by loose vendor management who themselves have operated in a silo from one another.
Absence of a baseline and updated/maintained consolidated work plan for the project - that is comprehensive of all task
level details for all contributing resources and vendors through system delivery and post system go live stabilization has
made project direction, execution, progress tracking and management challenging.
A number of essential roles/positions were not defined/ vacant for the vast majority of the project (including Project Director,
Testing Lead) that further challenged the governance and project management processes and project effectiveness.
- 14 -
Summary Observation
Partially present
While most near-term interests are known and a long term MN.IT@ DHS strategic plan exists;
alignment, prioritization and longer-term plans need to be finalized and communicated.
Partially present
Model components exist and are operating clarification of select roles and project ownership,
role realignment and addition of new roles should be considered. Upon finalization, clear and
broad communication is needed.
Partially present
For a select few governance bodies Roles and Responsibilities were reasonably well defined, in
general they were are not uniformly defined, clear or well understood across all impacted
parties.
Partially present
A number of committees exist (from direction setting, control to quasi-operational). Certain
committees roles, operation and effectiveness may be diluting the overall governance process.
We observed some peering inconsistencies that should be addressed.
Partially present
Many governing groups at MNsure set priorities but they are not established with a clear
methodology. Once established, priorities are often modified or fully changed.
Partially present
Although partially evident and improvements over time were noted - to avoid decision-making
delays and to engage the most relevant experience/skills at the right time, there is a need to
(re)align and empower the decision-making process.
Partially present
Although many roles exist, critical ones are absent (including Project Director and a number of
subordinate but important roles such as a Testing Manager).
Partially present
While most processes exist, consolidation and further role and expectations clarifications are
needed to improve effectiveness.
- 15 -
Observation
Impact
Considerations
- 16 -
Observation
Impact
Considerations
- 17 -
Observation
Impact
Considerations
- 18 -
Observation
Impact
Considerations
10
- 19 -
Observation
Impact
Considerations
11
12
- 20 -
Observation
Impact
Considerations
13
Develop an integrated work plan for all ITrelated project activities. The plan serves as
the primary document governing the activities
on the project including dates, milestones,
deliverables, responsible parties, and
dependencies
14
15
- 21 -
Observation
Impact
Considerations
16
Develop an integrated work plan for all ITrelated project activities including: design,
development, testing, and release
activities. Empower the Project
Management Team, Project Director, and
the MN.IT MNsure PMO to manage and
drive the activities of the project based off
the project work plan
17
18
- 22 -
Business Owners/Sponsors
MN.IT
MNsure
DHS
Executive
Steering
Committee
Project
Management
Team
Change Control
Board
Project Director
MN.IT MNsure
Project
Management Office
Change
Training
Communications
Business
Analysts/SMEs
IT vendors
Test
Release
Defect
Technology
staff
- 23 -
MN.IT
MNsure
DHS
MNsure Board
Compliance
Workgroup
Other .
Workgroup
Financial
Workgroup
Technology
Workgroup
- 24 -
Key Responsibilities
Key Relationships
Strategic Planning
Policy determination/setting
Governance
Organizational/project direction setting
Project review and monitoring (in particular where
significant events or risks may impede progress or
success)
Key Decisions
Meeting Cadence
- 25 -
Strategic
Policy
Communications themes and approach
Key Responsibilities
Key Decisions
Key Relationships
Business Owners: Overall Strategy and Policy setting
MNsure, DHS and MN.IT: Communication of plans and operational
impacts and coordination with respective organizations
PMT: The PMT provides project updates to the Executive Steering
Committee and escalates issues and risks for final resolution
Public and Media: These stakeholder groups look to the
leadership for information about the status of project
Committees (incl. Health Industry Advisory Committee and the
Consumer and Small Employer Advisory): These groups consult
with and provide recommendations to operational leadership
- 26 -
Meeting Cadence
Weekly or bi-weekly until project key milestones are achieved
(can then revert to monthly)
Key Responsibilities
Key Decisions
Key Relationships
Meeting Cadence
One meeting per week
- 27 -
Key Responsibilities
Manage the project work plan, status reporting, risk and issue
tracking, change control, defect management, release
management, testing management, and communication
Provide reports to the Project Director on areas managed by
the MN.IT MNsure PMO
Communicate with key stakeholders
Develop project status reports and distribute to stakeholders
Key Decisions
Key Relationships
Project Director: The Project Director guides the activities of the
MN.IT MNsure PMO. The PMO supports the activities of the Project
Director in managing the MNsure IT system
MN.IT and DHS: Other PMO staff coordinate with the MN.IT MNsure
PMO to maintain MN.IT MNsure PMO alignment with tools,
processes, templates, standards, methodology, policies and
procedures used by other State PMOs.
Vendors: Vendor work plans are integrated into the master project
work plan, vendors provide input to the areas managed by the MN.IT
MNsure PMO
- 28 -
Meeting Cadence
Coordination occurs daily as a matter of on-going operations
Position
General Description
Project Director
The Project Director for the MNsure IT system manages and oversees the day-to-day
activities of the project management lifecycle. This full time resource is empowered to make
key decisions for the MNsure IT system and will escalate issues to the Project Management
Team as needed. The MN.IT MNsure PMO will support the Project Director in driving
MNsure IT system activities
Test Manager
Test Manager is accountable for testing, test plan development and execution in the
MNsure IT system including: test cases and scenarios, results and defect management,
testing status communications and defining entry and exit criteria across all test phases
(integration, system, performance/regression, and UAT)
Release
Manager
The Release Manager will lead release management end-to-end activities and ensure
compliance to quality in release management execution. The Release Manager defines and
enforces standards and processes for release management across all environments
Communications
Manager
Defect/Triage
Lead
The Defect/Triage Lead will be a member of the testing team and will track and manage all
defects, will lead defect and triage meetings, and will report on identified defects and their
status to the State and vendor partners
Other personnel gaps or needed positions were identified during the course of the governance assessment of the
MNsure organization, those considerations are identified in the remainder of Deloitte Deliverable #2: Program and
Project Management Assessment report.
- 30 -
- 32 -
Summary Observation
Integrated project communication plan with key communications events as well as the
target audience, timing, delivery mechanism, key messages, and responsible parties
Not present
An integrated communications plan does not
exist, communication occurs in silos
Partially present
Matrixes exist, however communication
categorization and focus is not included
Not present
Templates, triggers, and timing, are not
standardized and integrated with the project
Not present
A formalized process is not documented for
communication creation, approval, and
distribution processes
Partially Present
Bidirectional feedback mechanisms have not
been fully and consistently implemented to
measure stakeholder engagement
Partially present
Communication forums take place within
individual stakeholder groups. Additional
communication forums have not been
implemented for project communications such as:
Newsletters
Collaboration Groups
Town halls
- 33 -
Observation
Impact
Considerations
19
20
21
- 34 -
Observation
Impact
22
As a result of inconsistent
communications, confusion and
miscommunication may occur and
ultimately stakeholders could become
disengaged
23
24
- 35 -
Considerations
Observation
Impact
25
26
27
- 36 -
Considerations
Status Report
The project status report relies on close coordination between vendors and State resources to represent the project status. The
status report serves as an opportunity to communicate clearly across the project about activities and possible issues or risks that
may be present, and reduces the need for clarification or re-explanation of project status during the course of project activities. It
provides governance groups with appropriate information to allow the groups to make decisions that fulfill their responsibilities
Summary Observations from the assessment, and additional detailed observations, impacts, and considerations for the Status
Reporting area are presented on following slides
- 38 -
Summary Observation
Present
A status report is produced weekly, however not all
key project health metrics are included
Not present
An overall executive summary that provides a high
level overview of the status is not present
Not present
A summary of executive items is not included in status
report
Partially present
Report describes some upcoming activities but does
not fully detail project interdependencies
Partially present
Vendors provide only brief updates in the status report
Present
Not present
Not included in status report, a view of resources is not
present
Present
Not present
Not included in status report, a view of quality is not
present
- 39 -
Summary Observation
Partially present
Key metrics for managing the project are missing such
as variances and completion percentages
Partially present
Insights are provided at a summary level, but detailed
dashboards do not exist for trends, change requests,
risks, issues
Partially present
Currently distributed to project leadership but not all
stakeholders
- 40 -
Observation
Impact
Considerations
28
29
30
- 41 -
MNsure1
(Board of Directors)
MN.IT1
DHS1
Report Distributed
Vendors
MN.IT MNsure
PMO
Project
Director
MN.IT
Technical
Leads
MNsure/DHS
Business
- 42 -
The assessment of risk and issue management included evaluating existing risk and issue management processes
and tools to provide assessment results, go-forward considerations, and an approach of how risks and issues can
be communicated across the project. The assessment was conducted across the elements of governance, process,
tools, and metrics for the entire issue and risk life cycle ranging from issue and risk reporting, tracking, assignment,
ownership, prioritization, resolution, and closure
A risk is defined as an event that has not occurred that will, if it does occur, impact the project schedule, scope,
budget, or quality. Risks need to be managed in terms of impact and probability. Mitigation strategies need to be
defined for all risks. These will be tracked and published in the weekly status report and escalated if not resolved
timely to reduce the likelihood that they become issues
An issue is defined as an event that has occurred that will impact the project schedule, scope, budget, or quality.
Unresolved Critical and High priority issues will be reported in the Weekly Status Report; medium issues greater
than 1 week past due will also be reported
The MN.IT MNsure PMO will conduct a weekly risks and issues meeting to proactively manage MNsure IT system
issues and risks
Summary Observations from the assessment, and additional detailed observations, impacts, and considerations for
the Risk and Issue Management area are presented on following slides
- 44 -
Summary Observation
Partially present
Issues/risk management is present but plan is
over a year out of date
Partially present
Risk log is present but out of date
Present
Partially present
Risk status is present but risk log is over a year
out of date
Partially present
Risk status categorized but risk log is over a
out of date
Not present
Risks in the log are not categorized by type
Partially present
Risk prioritization framework in place but risk
log is out of date
Partially present
Some issues are categorized but others are not
categorized
- 45 -
Observation
Impact
Considerations
31
32
33
34
- 46 -
Project
Management
Team
IT vendors
MN.IT MNsure
PMO
Project
Director
MN.IT
Technical Staff
MNsure/DHS
Business
- 47 -
Change Control
Summary Observations from the assessment, and additional detailed observations, impacts, and considerations for the Change
Control area are presented on following slides
- 49 -
Summary Observation
Change control log present and being used by project team members
Partially present
Log is present but not used consistently at the CCB
Partially present
Impacts discussed at the CCB but level of analysis
is inconsistent
Partially present
Request template in place, however it is
inconsistently used at the CCB
Present
Not present
Change requests/orders not in status report
- 50 -
Observation
Impact
Considerations
35
36
37
38
- 51 -
Project
Management
Team
MN.IT MNsure
PMO
Project
Director
Change
Control Board
Change Requests
Release Team
Business SMEs
IT vendors
- 52 -
Technology staff
Key Responsibilities
Key Decisions
Key Relationships
- 53 -
Meeting Cadence
One meeting per week
Defect Management
Defect Management is closely integrated with testing and release management, and effective defect management contributes to
the quality of the system
Our defect management assessment spanned the review of existing defect management processes and tools to provide
assessment results and go-forward considerations, and the review of the current set of defects to support a re -prioritization to
align with State objectives. The assessment was conducted across the dimensions of governance, process, tools, and metrics fo r
the entire defect life cycle ranging from defect reporting, tracking, triage, assignment and ownership, prioritization, resol ution,
retest, and closure
Summary Observations from the assessment, and additional detailed observations, impacts, and considerations for the Defect
Management area are presented on following slides
- 55 -
Component
Summary Observation
Not present
Overall Defect Manager and defect management team does
not exist
Not present
The State does not maintain or have ownership of the
central defect repository (JIRA)
Not present
Reported defects are not captured accurately in JIRA,
resulting in a far lower number of total open defects in JIRA
Not present
Initial JIRA reports showed only 60-162 total open defects.
Upon further follow-up and detailed analysis of JIRA, 399
total open defects were identified, including duplicates.
Partially present
Structured, coordinated Involvement of MN.IT, MNsure
business entities, and vendor teams in defect triage,
prioritization, and resolution is missing
Partially present
Key State personnel do not have the right access setup to
close resolved defects in JIRA
Partially present
Defects reported from the field help desk, and various
contact centers are lost in transition and do not always make
it to JIRA
Partially present
Documented and established guidelines for the defect life
cycle are not fully in place
- 56 -
Component
Summary Observation
Not present
Regular and structured defect triage meetings and process not in
place
Not present
Coordinated defect prioritization meetings, and tracking to resolution
and closure not in place
Not present
Defects from the go-live timeframe are still open/unresolved in JIRA
without clarity as to the expected resolution timeframe
Not present
Established meetings and processes for reviewing and confirming
defect fix cross-vendor impacts prior to resolution not in place. Can
lead to cross-module issues getting uncovered for the first time in
integrated test/UAT leading to multiple iterations and rework
Not present
Lack of clarity in JIRA when a defect is closed as to what was fixed,
and how the problem was addressed. Root cause details are missing.
Often, defects are closed prematurely in the early part of the SLDC
without UAT validation and approval
Partially present
JIRA is not configured and setup to support defect management
processes needed on a project of this scale and complexity
Not present
Detailed defect dashboards and metrics are currently not in place and
not being distributed to management or executive teams. A clear,
concise current state of defects not depicted in JIRA
- 57 -
Observation
Impact
Considerations
39
40
41
42
- 58 -
Observation
Impact
43
44
45
- 59 -
Considerations
Observation
Impact
Considerations
46
47
48
- 60 -
Observation
Impact
49
50
Amend the contract to include official, predefined timeframes for defect triaging and
resolution based on defect severity and
impact. Clarify scope and expectations
around ownership and accountability for
each step during the timeframe
- 61 -
Considerations
Observation
Impact
Considerations
51
52
53
- 62 -
Observation
Impact
Considerations
54
55
- 63 -
MN.IT MNsure
PMO
Project
Director
MN.IT Overall
Test Manager
MNsure/DHS
Business
IT vendors
MN.IT Defect
Manager
MN.IT Defect
Triage Team
- 64 -
MN.IT Defect
Management
Team
MN.IT Defect
Tools and
Metrics Team
Key Responsibilities
Key Decisions
Key Relationships
Project Management Team: Understand the status and progress
of the current state of defects and the resolution plan relative to the
overall release schedule
MNsure and DHS: Active representation across business areas for
review and approval of work prioritization
Vendors: Provide triage and produce SME support, provide
estimations to factor into the prioritization and defect resolution plan
for information about the status and future of MNsure
- 65 -
Below is an existing breakdown of the 399 non-closed defects by Priority and Severity
Existing Breakdown of 399 nonclosed defects by Priority
Defects by Severity
Defects by Priority
Blocker
Critical
11
63
3 - Major w workaround
44
Minor
192
Trivial
196
4 - Minor w workaround
5 - Cosmetic
Deferred
32
Major
78
15 5
1 - Total Failure
14 5
14
80
Pending PM
assignment
Major
Pending Assignment
* Non-closed includes all statuses except closed, from all projects in JIRA (MNHIX*, SCM Team, Short Term Projects, Security Dom ain)
- 66 -
Blocker, Critical,
Major
15
37
Priority 1
Minor, Trivial
Priority 2
123
223
155
Deferred
Priority 3
- 67 -
- 68 -
Test Management
- 70 -
Component
Summary Observation
Test team by phase, where the team is well-defined with roles and
responsibilities, including a Test Manager, Testers, Business SMEs,
and Development/Product Support
Not present
Overall Test Manager, Test Leads for each phase and the right
complement of test resources not in place
Partially present
Testing occurs directly in production and for the first time in UAT or
production for complex functionality and components such as
batch jobs and notices
Partially present
Training occurs on an as-needed basis or not at all, and often,
business SMEs pick up testing due to limited functional knowledge
outside that group
Partially present
Does not exist for some phases (such as unit test or integration
test). May exist for phases such as UAT but is not documented.
Often created ad hoc and as-needed and not maintained or
tracked against
Partially present
Not documented and may exist informally; often created just in
time but not maintained or tracked against
Not present
Pre-defined schedule does not exist. Delays in earlier test phases
or deployment delays to UAT not factored in to adjust the UAT
schedule, causing impacts to the available time for testing in UAT
Partially present
Not updated for ongoing functionality. High-level and usable by a
small group only; cannot be leveraged effectively by IT Testers and
other stakeholders
- 71 -
Component
Summary Observation
Partially present
Only one point-in-time, outdated version. Not maintained
for ongoing changes in requirements and test cases
Not present
Acceptance and certification of functionality is done on a
qualitative basis by business SMEs and documented
entrance and exit criteria not present
Partially present
Insufficient, often invalidated by multiple testers using the
same data set, and created manually for the most part
Partially present
Limited means to effectively create large volumes of data
Not present
Does not exist for UAT; interfaces, batches, notices cannot
be tested in the UAT environment
Partially present
Occurs to a limited extent
Not present
Only 3 runs of performance test to-date, conducted by a
third party
Partially present
All regression testing owned by vendor and done primarily
in system test. Limited to no regression test in UAT
Partially present
Limited, can test only in system test and not in UAT
- 72 -
Component
Summary Observation
Testing tools usage for test case creation and maintenance, test
execution, Performance testing, Security Testing, ADA Testing
Partially present
Limited, de-centralized, not coordinated and fully leveraged
Not present
Executive and detailed dashboards for test metrics not present
- 73 -
Observation
Impact
Considerations
56
57
- 74 -
Observation
Impact
Considerations
58
59
- 75 -
Observation
Impact
Considerations
60
61
- 76 -
Observation
Impact
Considerations
62
63
64
- 77 -
Observation
Impact
Considerations
65
- 78 -
Observation
Impact
Considerations
66
67
- 79 -
MN.IT MNsure
PMO
Project
Director
MN.IT Overall
Test Manager
MNsure/DHS
Business
IT vendors
MN.IT UAT
Test Lead
MN.IT Test
Team
- 80 -
Key Responsibilities
Key Decisions
Key Relationships
- 81 -
- 82 -
Activity
Description
The purpose provides an introduction to the test plan and outlines the intent and components of the plan. The scope highlights the high level functional requirements or functional areas that the test plan applies to.
Test Objectives
This section will outline the motivating factors and expected outcomes of testing, the aspects that are in scope, and an overview of
planned tests with whats included and whats not
Test Strategy
The Test Strategy establishes the foundation for all testing activities. It covers testing policies and processes to support the vario us test
levels and cycles. The Test Strategy will provide flexible, consistent delivery of testing services to drive improved quality , lower cost and
increase speed of delivery across the system.
Test Approach
The Test Approach is created after the Test Strategy has been approved. It outlines the scope of the overall testing effort, the test levels
required for the project, the test team organization, the estimated effort needed to plan and execute, the issue resolution p rocess and the
roles/responsibilities of the team involved. The Test Approach is the predecessor to the detailed Test Plan.
The Test Plan includes: the scope of the testing effort, roles and responsibilities of all team members providing support, th e schedule and
time frame for scenario development and testing, and a detailed overview of all activities involved in the system testing pro cess. The Test
Plan will identify the standards and metrics against which test activities are planned and measured.
Includes detailed definition of the test scenarios, review, and approval, and traceability of the test cases to requirements
The Test Entry Criteria help determine if the execution of a particular Test Plan can begin. All criteria within the Testing Approach must
be met or documented. Exceptions must be mutually agreed upon before testing can begin. The Test Exit Criteria will be used t o
determine if the execution of the Test Plan is complete and intended objectives are met. The criteria must be clearly documented upfront.
Outlines all aspects of test data management, including the types of data, how frequently data should be refreshed, mechanisms to
create and use data, any automated tools for creating data, and the resources and ownership of data management
Includes the environment name and technical details, for the source and target systems as well as any tools used for testing.
Environment sizing and the intended number of testing iterations (assuming the target environment will be refreshed/cleared i n between
iterations) will be critical expectations to document. Access to the environment(s) should also be defined.
10
This section outlines the required resources to address the test effort, main roles and responsibilities of these resources, along with
expected knowledge base and skill sets. The section also discusses how to approach training for the testing roles on the proj ect.
11
Test Schedule
This section will include the key schedule milestones, the test schedule for detailed planning and iterations (execution cycles), number of
iterations, characteristics of each iteration (for example: size of load, timeframe, data variations), and the expected timeframe for each.
Depending on the solution, it may be advisable to begin with a subset of production data that represents the basic or most common
business scenarios, and then perform iterations on more focused scenarios individually.
12
Reports should be defined to be created regularly to track, manage, and communicate the progress and status of testing. These reports
include summary and detailed information of test scripts executed and defects discovered during testing. The reports are gene rated
based on the data elements in the Test Management Tool, which provides for customization of the attributes as needed.
13
This section will identify potential risks, mitigation and contingency for each risk, and its likelihood. Any assumptions or depe ndencies
likely to impact the test plan, test executions, or outcomes of testing should also be outlined here, with an escalation and mitigation plan.
- 83 -
Release Management
Release Management is closely integrated with testing and development and determines that code is deployed in the right
environment at the right time. The release manager coordinates release activities with change management, testing
management, and defect management to align activities across the project
The components that were assessed for release management include release plans, calendars, roles and responsibilities,
prioritizations, release estimates, deployment standards and tools including release management checklists
Summary Observations from the assessment, and additional detailed observations, impacts, and considerations for the
Release Management area are presented on following slides
- 85 -
Summary Observation
Release Plan that details the software release to all environments, identifies release
strategy, logistics, tasks, recovery and disaster plans, rollback plans, and pre and
post-implementation activities
Partially present
Some details are contained in individual documents
Partially present
A schedule has been developed, but it is missing
the integrated view
Not present
Individuals are driving requirements to completion,
however the no cross-organization role has been
defined with expectations
Not present
Individuals are performing roles, however the roles
have not been defined with expectations
Release Notes that list all items delivered within a particular release for both
business and technical audiences
Partially present
Technical details are included based upon vendor
input, however the business focus of release notes
is limited
Not present
Prioritization occurs through informal processes
and no priorities are documented associated to
defects and requirements
Partially present
Checklists are being used for migrations, however
information sharing between environments is
limited, processes are not documented, and
checklists are not used to drive continuous
improvement
- 86 -
Observation
Impact
68
69
70
71
- 87 -
Considerations
Observation
Impact
Considerations
72
73
74
75
- 88 -
Observation
Impact
76
77
78
- 89 -
Considerations
Observation
Impact
Considerations
79
80
81
- 90 -
MN.IT MNsure
PMO
Project
Director
MNsure/DHS
Business
MN.IT Release
Manager
IT vendors
MN.IT
Infrastructure
- 91 -
MN.IT
Deployment
Team
Key Responsibilities
Key Decisions
Key Relationships
Meeting Cadence
As needed per workplan
- 92 -
Activity
Description
The purpose provides an introduction to the release plan and outlines the intent and components of the plan. The scope highlights the
high-level functional requirements that are required to be implemented as part of release management
As part of creating a release management plan, an initial step is to conduct a current state inventory of release management processes,
tools, and stakeholders
Release Strategy
This section provides an overview of the strategy for future MNsure releases. The strategy includes understanding of any concurrent
project deployments to be included within the release, identification of any components or sub-systems that are impacted, and the
nature of impact. For MNsure, the release strategy incorporates the overall orchestration of resources, tasks, and environments
required to perform a successful release
Release Logistics
This section documents the logistics for this release in terms of technology infrastructure, network, application, third party software and
resource needs. The logistics included here provide an overview of the process and components needed to orchestrate a successful
release into production or non-production environments
Release Estimation
This section defines the estimating actions that need to be completed for a successful production or non-production release
Release Classification
Releases will be managed by the Release Manager and grouped into Release Types such as Major, Minor, and Emergency. Individual
process steps may vary by release type
It may become necessary to revert to the pre-release state, if possible. Detailed steps should be developed for Rollback. These are
taken in the event that a contingency occurs during or after release that cannot be appropriately mitigated
The purpose of the Release Go-No Go Criteria Checklist is to evaluate the readiness of going live with the new system. The criteria
should be used to help aid the decision of whether or not to move a release into the production environment
Release Notes
The Software Release Notes is the quality record that lists the items delivered within a particular release. The document includes
general information about the release, compatible products in the release, upgrades from previous releases, new features introduced in
the release and known limitations, bugs, and workarounds
10
Prioritization Process
As part of the prioritization process, stakeholders need to prioritize defects, enhancements, and develop overall budgets for releases.
Prioritization correlates with release classification. The overall process for prioritization integrates with the release management
process and the overall governance structure
11
This section identifies the roles for performing the release and deployment activities and describes the responsibilities of identified roles
12
Release Processes
All release management processes will be documented in each environment as part of developing the release management plan
- 93 -
Appendix A:
Project Management
Processes
MN.IT
MNsure
PMO
Project
Status
1. Submit Data
Request
Action
Items
Test
Management
Change
Requests
Release
Management
Vendors
2. Compile Data
Request
MN.IT
2. Compile Data
Request
DHS
MNsure
2. Compile Data
Request
Decisions
Risks
Legend
Task
Inputs /
Outputs
Step
Supporting
Outputs
Procedure
- 95 -
Decision
Issues
Work Plan
4. Distribute
Project Status
Project
Status
Scope
Resources Schedule
Quality
Budget
Request
ID
Priority/
Sev erity
Description
Target
Resolution Date
Project
Status
Sum m ary
Progress
Baseline
Planned/Actual
Finish Date
Finish Date
Status
Com m ents
C
G
Y
R
NS
NS
Not started
Trending Up (Improving)
Completed
- 96 -
On track
Project
Team
Members
MN.IT
MNsure
PMO
1. Identify Risk
Update JIRA
2. Validate JIRA
Entry
5. Develop Risk
Response
Project
Management
Team
Yes
No
4. Is Risk Severity
High?
3. Analyze Risk
6. Monitor Risk
No
Risk
Owner
7. Is the
Risk
Real?
Legend
Task
Inputs /
Outputs
Step
Supporting
Outputs
Procedure
- 97 -
Decision
8.
Manage
Risk
Yes
9. Close Risk
MN.IT
MNsure
PMO
Update JIRA
1. Record and
validate details
about issue in
JIRA
Project
Management
Plan
2. Assign
proposed issue
5. Change
Request?
3. Performs issue
management
Yes
Project
Management
Team
Change
Control
Board
5. Manages
Change
Requests
Legend
Task
Inputs /
Outputs
Step
Supporting
Outputs
Procedure
- 98 -
Decision
No
6. Closes issue
MN.IT
MNsure
PMO
2. Review
Change Request
Form
3. Review Impact
Analysis
Change
Control
Board
Change
Requestor
Project
Management
Plan
4. CCB Review
and Approval?
Yes
No
1. Complete
Change Request
Form
PMO
Communications
Manager
5. Communicate
Changes
Legend
Task
Inputs /
Outputs
Update JIRA
Step
Supporting
Outputs
Procedure
- 99 -
Decision
- 100 -
MN.IT Defect
Manager
2. Drive defect
triage
MN.IT Defect
Team
3. Conduct
defect
triage
1. Intake
Defects
Business
SMEs
4.
Participate
in defect
triage
Vendor
Teams
5. Drive
defect
prioritization
8. Create
defect
resolution and
retest plans
9. Retest defects
and track defects
to resolution and
closure
6.
Participate in
defect
prioritization
7. Provide input
to the defect
plans and
resolution details
Legend
Task
Inputs /
Outputs
Step
Supporting
Outputs
12. Publish
executive and
detailed defect
dashboards
Procedure
- 101 -
Decision
3. Approve the
Test Strategy,
Approach, and
Plan,
MN.IT Test
Leadership
MN.IT Test
Team
Business
SMEs
1. Create Test
Strategy,
Approach, and
Plan,
Provide
notification as
to a new build
6. Create
test data
7. Execute
test cases
5. Review and
provide feedback on
the test scenarios
and cases
8. Support test
execution
Vendor
Teams
Legend
Task
Inputs /
Outputs
Step
Supporting
Outputs
Procedure
- 102 -
Decision
9. Review
and
Approve
test results
MN.IT
Release
Plan
1. Plan
Release
PMT
Vendors
2.
Develop
Release
Schedule
3. Develop
Deployment
Plan
No
4. Approve
Release?
Yes
Release
Schedule
PMO
Communications
Manager
7. Communicate
Release
Legend
Task
6. Deploy
Release
Inputs /
Outputs
Step
Supporting
Outputs
Procedure
- 103 -
Decision
8. Close
Release
Appendix B:
Roles and Responsibilities
Roles and Responsibilities Status reporting, vendor management, work plan, and
requirements RACI Matrix
R
A
C
I
IT Vendors
C
C
C
C
C
A
A
I
R
C
C
C
C
C
C
C
I
A
C
C
C
C
C
C
C
C
I
C
C
C
C
C
I
C
A
C
MNsure
DHS
MN.IT
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed
A, R
A, R
A, R
A, R
A, R
R
R
R
I
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 105 -
R
A
C
I
C
A
A
A
A
A
A
A
C
C
C
C
C
C
Project Team
Project Management
Team
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed
R
R
R
R
R
R
R
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 106 -
R
A
C
I
CCB
Project Management
Team
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed
A
A
A
R
A
A
A
A
R
R
R
A
R
R
R
R
C
C
C
C
C
C
C
C
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 107 -
R
A
C
I
CCB
PMO Communications
Manager
Change Requestor
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed
R
C
C
C
C
C
A
A
R
R
R
I
R
R
C
A
A
C
A
A
C
I
I
I
A
R
I
I
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 108 -
R
A
C
I
Business SMEs
IT Vendors
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed.
A
R
R
A
C
A
R
C
C
A
R
R
A
A
R
R
R
A
R
I
R
A
I
I
C
I
I
I
I
I
A
I
I
C
C
C
C
A
C
C
A
R
C
C
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 109 -
R
A
C
I
Business SMEs
IT Vendors
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed.
A
R
A
A
R
R
C
A
R
C
R
R
C
C
A
C
A
R
C
A
A
R
C
A
R
A
A
R
R
R
I
I
I
I
I
I
A
R
I
A
I
I
I
A
I
R
C
I
R
C
C
C
C
C
C
C
C
A
C
C
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 110 -
R
A
C
I
MN.IT
Project Management
Team
IT Vendors
PMO Communication
Team
The RACI matrix identifies the governing groups, agencies and stakeholders involved in governance that are responsible,
accountable, consulted and informed
Plan release
Develop release schedule and deployment plan
Review and approve release
Deploy release
Develop release notes
Draft release communications
Approve and send release communications
Close release
Document closed release in release management plan
Incorporate release information into weekly status report
R
R
R
A
R
C
C
I
R
R
A
A
A
R
A
R
A
R
A
A
C
C
C
C
C
C
C
C
C
C
I
I
I
I
I
A
R
A
I
I
Legend
Who is Responsible? The person or entity assigned to do the work
Who is Accountable? The person or entity that makes the final decision
Who is Consulted?
The person or entity assigned that must be consulted before a decision or action is taken
Who is Informed?
The person or entity that must be informed that a decision or action has been taken
- 111 -
Appendix C:
Interviews Conducted
Interviews Conducted
No.
Organization
Interview Subject
Interview Date
MN.IT
Testing
May 1, 2014
MN.IT
Governance
May 2, 2014
MNsure
Deployment Process
May 2, 2014
MNsure
Governance
May 5, 2014
MNsure
Governance
May 6, 2014
MN.IT
Testing
May 6, 2014
MN.IT
May 7, 2014
MN.IT
Testing
May 7, 2014
DHS
Governance
May 7, 2014
10
DHS
Governance
May 7, 2014
11
MNsure
Governance
May 7, 2014
12
MN.IT, IV&V
Testing
May 7, 2014
13
DHS
Conversion Strategy
May 7, 2014
14
EngagePoint
Release Management
May 7, 2014
15
MN.IT
Governance
May 7, 2014
16
DHS
Governance
May 7, 2014
17
MNsure
Governance
May 7, 2014
- 113 -
Organization
Interview Subject
Interview Date
18
MNsure
Carrier Communication
May 8, 2014
19
MN.IT
Testing
May 8, 2014
20
DHS
Governance
May 8, 2014
21
DHS
Governance
May 8, 2014
22
DHS
Governance
May 8, 2014
23
Connecture
Release Management
May 8, 2014
24
Connecture
Testing
May 9, 2014
25
MN.IT
Testing
May 9, 2014
26
Counties
Governance, communication
May 9, 2014
27
EngagePoint
Governance
28
IBM/Cram
Release Management
29
MN.IT
Testing
30
Board of Directors
Governance
31
DHS, MN.IT
Testing
32
Carriers
Governance
33
MNsure
Testing
- 114 -
Organization
Interview Subject
Interview Date
34
EngagePoint
Testing
35
IBM/Cram
Governance, communication
36
DHS
Testing
37
PwC
Governance
38
Testing
39
EngagePoint
Testing
40
Navigators
Governance
41
IV&V
Governance
42
DHS
Testing
43
MN.IT
Testing
44
DHS, MN.IT
Governance
45
Connecture
Governance
46
MN.IT
Governance
47
MN.IT
Governance
48
MNsure
Brokers
June 3, 2014
- 115 -
Disclaimer
This document may contain Confidential Information and is intended strictly for MNsure s internal use and
not for any third party. As such, Deloitte is not, by means of any resulting publication of this document,
rendering professional advice or services to any third party. Any resulting publication should not be used
by any third party as a basis for any decision or action that may affect its business. Third parties should
consult a qualified professional advisor before making any decision or taking any action that may affect its
business.
Deloitte shall not be responsible for any loss sustained by any third party who relies on any resulting
publication of this document.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee, and its network of member firms, each of which is a legally separate and independent entity.
Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche
Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of
the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients
under the rules and regulations of public accounting.
- 116 -